Bug#361913: linphone: passwords stored world-readable

Samuel Mimram samuel.mimram at ens-lyon.org
Fri Apr 21 15:39:33 UTC 2006


Simon Morlat wrote:
> Any ideas on an api to store password in an encrypted manner ?
> The .gnome2/ tree is (as far as I understand) outdated since gconf is being 
> used.
> I would prefer those password to be stored encrypted by linphone itself, since 
> the linphone engine is independant from gnome/kde or whatever.

I don't think encryption is needed here. A configuration file chmoded 
with proper permissions should be enough...

> Le Mercredi 12 Avril 2006 01:11, Samuel Mimram a écrit :
>> Lionel Elie Mamane wrote:
>>> The accounts information, including CLEAR-TEXT passwords, is stored in
>>> $HOME/.gnome2/linphone, which is by default world-readable. It should
>>> be in $HOME/.gnome2_private/linphone (or any other path below
>>> $HOME/.gnome2_private/), where it will be safe, since
>>> $HOME/.gnome2_private/ is mode 0700.
>> Argh. Thanks for noticing this. I'll try to come up with a patch soon.

More information about the Pkg-voip-maintainers mailing list